You might also want to read the INSTALL file in the PHP-distribution
:-)
-b. Setting up .php files to use PHP4
+b. Changing php.ini
+
+ PHP defaults to look for php.ini (PHP's configuration file) in
+ /usr/local/lib. However, for security reasons, it is suggested
+ that the location of this file is changed to someplace else. This
+ can be done at configure time with the configuration directive
+ --with-config-file-path=PATH.
+
+ Squirrelmail does not use cookies as of version 0.4. Edit the
+ php.ini file and change session.use_cookies to 0 (false). Also be
+ sure to change the session.save_path to someplace that can only be
+ read and written to by the webserver. session.save_path is the
+ location that PHP's session data will be written to.
+
+ SECURITY WARNING - SquirrelMail saves non plaintext passwords in
+ PHP's session data to log on to the IMAP server. If a user has
+ access to write PHP scripts on your system and knows the location
+ where PHP stores session data, he could get a listing of the
+ sessions being used and then read a given session's data with his
+ own PHP script. Caution should be used when setting up permissions
+ and locations of php.ini and the session data.
+
+c. Setting up .php files to use PHP4
You need to create a .htaccess file in you SquirrelMail directory
that looks something like this:
You could also add these lines to your Apache configuration file.
-c. Running into trouble
+d. Running into trouble
Setting up Apache with PHP4 can be a non-trivial task. Read the PHP4
and Apache documentation carefully if you run into trouble. If you
projects / squirrelmail.git / blobdiff